#CyberFLASH: Canadian companies far from cyber-security ready

gv_20140408_biv0108_140409938.jpg__0x400_q95_autocrop_crop-smart_subsampling-2_upscaleA recent survey of 2,200 companies across 18 countries found that Canadian companies are some of the world’s least equipped to deal with cyber threats.

The study ranks 18 countries based on the percent of business that are adopters of effective modern cyber security procedures and technology. On a list of 18 Canada was No. 15, beating only the Netherlands, Japan and the United Arab Emirates.

“We’re moving from theft, which is costly, to potential catastrophe,” Steve Duplessie, founder and senior analyst at computer consulting firm Enterprise Strategy Group, said in a press release. “There are forces at play now that aren’t satisfied with just stealing your money, they want to destroy your entity. You can either start taking these threats seriously, or start looking for a hole to crawl into. Ignorance is no longer bliss.”

The technology market research firm Vanson Bourne was contracted by the data storage company EMC to perform the study. Vanson Bourne surveyed 100 Canadian companies and found that the majority were “laggards” when it comes to adopting cyber security technologies.

Vanson Bourne found that 52% of Canadian companies surveyed had suffered unplanned system downtime some time over the last 12 months. On average, the unplanned downtime cost Canadian companies $414,000 per incident.

Read more here

#CyberFLASH: Canadian cyberthreats differ from those in the U.S., report says

CANADA-storyThe U.S. and Canada both see their fair shares of malware such as Dridex and other banking trojans, but there was one threat conspicuously absent from Canada’s list of common threats – ransomware

While prominent in the U.S., ransomware is just not a thing north of the border Trend Micro researchers revealed in it Canada threat landscape report.

“For whatever reasons the market forces just aren’t driving them in that direction,” Christopher Budd, global threat communications manager at Trend Micro, told SCMagazine.com.

Though the report didn’t specify a reason for ransomware’s absence, Budd hinted that cost-benefit analyses by cybercriminals could show that using ransomware may have a low-yield because Canadians are not culturally attuned to falling victim such attacks.

Budd pointed out that ransomware attacks have worked their way around the globe, initially rising to prominence in New Zealand and the U.K., before cybercriminals used it to target Americans. So, it is possible that Canadians may be targeted more in the future, he said.

OpenCandy adware toolbar and Dridex malware are currently the most prominent threats in Canada.

Cybercriminals in the U.S. influence the Canadian threat landscape by providing the infrastructure for hosting malicious content. And the majority of malicious sites that Canadians visit are predominantly hosted in the U.S. – malicious hosting in Canada simply isn’t as sophisticated as it is in other countries.

Read more here

#CyberFLASH: New cybersecurity network aims to share data on emerging threats

malware-hacking-cybersecurityLeaders of some of Canada’s largest industries are creating a new network to help businesses and the public stay abreast of emerging cyber threats from malware, hackers and online criminals.

“The threat is constantly evolving. The kinds of attacks, viruses and malware are rapidly changing. Nobody has the capability of staying ahead of it all the time,” said John Manley, president of the Canadian Council of Chief Executives, which is spearheading the program.

Billed as the CCTX — or the Canadian Cyber Threat Exchange — it is set to launch in early 2016.

It will be run as an independent, not-for-profit organization open to business and institutions of all sizes. Its founding members include Air Canada, Bell Canada, CN Rail and HydroOne, as well as Royal Bank and TD.

Confidentiality around cyber breaches​

A CBC News investigation into cybercrime this fall determined Canada lags behind other countries when it comes to tracking, policing and thwarting cybercrime. Until now, Canada has had no system to track cyber incidents and private companies are not required to alert the public or customers when there is a breach.

Manley says most Canadian companies fear publicly acknowledging being a victim of a cyberattack for fear of losing business.

Read more here

#CyberFLASH: Manitoba Hydro may be vulnerable to cyber-attacks: report


Manitoba’s auditor general says Manitoba Hydro could be vulnerable to a cyber-attack by hackers or terrorists.

A report released this week by Carol Bellringer said a visit to four generating stations uncovered serious weaknesses in cyber-security controls.

“(It) could result in unintentional and/or inappropriate commands that could lead to equipment malfunction, causing significant risks to the health and safety of Manitobans as well as the environment,” wrote Bellringer.

She made recommendations to Hydro, including identifying and mitigating risks. The Crown corporation said, for the most part, it embraces all of them and said it recognizes the importance of implementing proper cyber-security protocols.

Read more here

Trend Micro and INTERPOL to Collaborate in Support of Global Law Enforcement’s Efforts Against Cybercrime


OTTAWA – Trend Micro Inc., a global leader in security software and solutions, today announced its collaboration with INTERPOL to support global law enforcement programs against cybercrime.

Today’s cyber threats are becoming increasingly more targeted and sophisticated with criminal networks operating across the world, coordinating complex attacks against targets in a matter of minutes.

Due to the complexity of the cyber-threat landscape, cybercrime investigations are profoundly different in nature to traditional crime, requiring high-level technical expertise and large-scale cross-jurisdictional investigations. It is essential that law enforcement prioritize resources, build cross-jurisdictional and cross-sectorial collaboration in addition to developing the technical expertise, tools and infrastructure required to effectively combat threats and eventually enhance digital security.

Read more here

Canada still vulnerable to cyber-attacks, says auditor general

OTTAWA — The federal government’s inability to protect its own networks and critical infrastructure from cyber-threats was laid bare Tuesday, after Canada’s auditor general pointed to holes in the country’s cyber-security strategy despite more than a decade of work and almost $1 billion spent.

The auditor’s fall 2012 report put a renewed focus on cyber-security at the federal level, as governments around the world continue to face cyber-based attacks. With more of the federal government’s business going online, critics argued the report showed how far behind Canada is on cyber-security. Federal officials told the auditor general they feared the “cyber threat environment is evolving more rapidly than the government’s ability to keep pace,” his report said.

Governments are “starting to understand the nature of the threat” they face, said Nart Villeneuve, a senior threat researcher with TrendMicro in Toronto, but he added the federal government still has a way to go to prove it can keep sensitive information secure. It failed to do so, for instance, in a January 2011 cyber-attack on Treasury Board and Department of Finance systems.

Read more here

Canada confirmed that there were two attempts by hackers to target Canadian firms

Reports suggested the attacks came from China, but the Canadian government has declined to comment on such suggestions. 

The attacks come at a sensitive time as Canada’s Conservative government decides on whether to approve the $15.1 billion takeover bid of Canadian oil producer Nexen by China’s CNOOC.

Read more here

Cyber Espionage: The Chinese Threat, details of Nortel compromise

Details of cyber intrusion and theft of Nortel Network’s intellectual property dating as far back as 2000.

YouTube Preview Image

Read more on CNBC

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.